The E.U. has been a pioneer in the fields of data protection and online privacy, having first enacted legislation more than 20 years ago. It recently completed a major reform of its data protection framework, which is intended to enhance protections for individuals, provide a single set of harmonized rules for businesses, and simplify procedures for transferring data outside the E.U.
Listed below are some of the most important pieces of E.U. legislation on data protection and privacy which are in force as of November 2022.
The following legislation is no longer in force but may be of interest for historical research.
For those unfamiliar with the different types of E.U. legislation, the following definitions are provided:
The Charter of Fundamental Rights enshrines within a single document the political, social, and economic rights protected by the E.U. It applies to both the E.U. as an institution and to its members states when they implement E.U. law. E.U. courts are empowered to strike down legislation and official actions that are inconsistent with the Charter.
The full text of the Charter is available for download as a PDF. Relevant provisions of the Charter include Article 7 (respect for private and family life), Article 8 (protection of personal data), and Article 11 (freedom of expression and information).
E.U. courts are generating a growing body of case law involving privacy and data protection, most notably the judgment in Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (2014), also known as the “right to be forgotten” case.
To search by keyword for E.U. case law on privacy and data security, use the EUR-Lex database’s Advanced Search tool and select EU law and case-law→Case-law from the Collection menu in the center of the page to limit your search to cases. Searchable databases of E.U. case law also are available on Lexis and Westlaw.
E.U. Data Protection Portal
The European Commission, the executive arm of the E.U., maintains this convenient gateway for information about the E.U.’s data protection and privacy law. Relevant sections include:
European Data Protection Board: Directory of National Data Protection Authorities
The EDPB maintains this page with links to and contact information for the national data protection authorities of E.U. and EEA members.